June 23, 2009

Phishing and Malware: How Bad Do Things Have to Get Before We Hire a Sheriff?

Photo by Jan Tik Everyone has heard about phishing and malware. You’ve seen them in email links that take you places you really don’t want to go. After looking at a PowerPoint by Michael Kassner, I began to wonder how much the bad guys have affected our use of email – and if it’s time to call out the sheriff like we did in the old west and run the bad guys out of town.

Kassner suggests that when you get an email with an attachment, you contact the person who sent the email and ask if they intended to send an attachment. Right. That makes email really useful doesn’t it? Like I’m going to call up everyone who sends me an attachment. Isn’t that what anti-virus software is for? If the email is from a stranger or I’m not comfortable it’s from someone I should know after reading the body of the email, sure I may pass on opening the attachment. And if it’s an executable (.exe) file, I’ll usually skip it. But call up the sender? Not likely.

For links, he says to first make sure the link makes sense and isn’t misspelled. If it passes that test, copy and paste the link into a web browser. However, the best option is to not use the link at all. Instead, go to the web site and click through until you find the particular page.

Good suggestions. But isn’t that letting the tail wag the dog? I could also suggest that you can avoid street thugs by never going outside your home. But is that really how we want to live our lives? Are we going to let the ’street thugs’ of the internet dictate how we live our lives? Or is that the only choice we have? I sure hope not – but what else can we do?

I do look at links in email (or anywhere) before clicking on them. It’s usually easy to see the links that are bogus. A recent email supposedly from Bank of America (where I do not have an account) is a good example.

Example of phishing email

You can see the link in the email is different from the link you see when you move the mouse over the link.

It’s what you see right before the first single slash that is important – the part in the red box. That’s where your browser is going to take you.

And notice how the hidden links includes your email address (I’ve blacked most of it out). That means when you click on the link, you’re letting the bad guys know that your email address is good. If you decide to click on the link, hang on because that address is going to get boatloads of new junk.

Google ilfl1i1.net and you’ll quickly see it’s a phishing site. If you do happen to try to go to ilfl1i1.net and you’re using Firefox, you may see something like this:

Firefox warning

If you check the site on the McAfee Site Advisor site, you’ll see this:

McAfee SiteAdvisor warning

These kinds of problems are one reason that I now forward all my individual email accounts through Google mail. Their spam filter is good – better than anything else I’ve found. And when they think something is a little funny, you’ll see something like this.

Gmail phishing warning

Google isn’t perfect. It still misses a little (very little). But it catches most everything. Right now my Google spam box has 16,390 spam emails dating back to May 17^th. Of course, the problem with getting 300-500 spam emails every day is that if Google identifies something as spam, I may well never see it. I try to fool myself into thinking I’ll look at the spam box every once in a while to look for email that really is not spam. The reality is I just don’t have time to do it.

So we come back to my question. How much have the bad guys affected how we use email. Are we acting like people who stay off the streets because of thugs? If so, is this how we want to (or need to) live? If not, what do we do to combat it? Is there a technological solution? Or is the solution demanding that the legal system do something – much like those in the old west hired a sheriff to run the bad guys out of town when things got intolerable?

If you have suggestions, please share them by posting a comment. Or email me.

Walt